Saturday, June 22, 2013

Facebook Security Breach: 6M Users' Details Exposed

Facebook said that a security breach caused it to inadvertently reveal the
personal data of six million users, including their phone numbers, over the
past year. Facebook says it uses this data to generate friend request
recommendations. It is hard to explain how an entity as large and far-reaching
as Facebook could go a year without catching such a glaring breach. The bug,
which was reported via Facebook's crowdsourced White Hat security researcher
program, was in one of Facebook's data download tools. The tool, named
"Download Your Information", allows users to do just that: it provides a
history of your Facebook data since you joined the network, including Timeline
data, contact information, photos and videos.

This news could come as a shock to Facebook users who trusted the site's
customized privacy settings. The social networking site landed in controversy
earlier this month when it revealed that 9,000 - 10,000 of its users' details
were shared with the US authorities. Facebook's security team said in a blog
post about the data breach on 21/06/13:

"At Facebook, we take people's privacy seriously, and we strive to
protect people's information to the very best of our ability. We
implement many safeguards, hire the brightest engineers and train them
to ensure we have only high-quality code behind the scenes of your
Facebook experiences. We even have teams that focus exclusively on
preventing and fixing privacy-related technical issues before they
affect you. ... We have already notified our regulators in the US, Canada and
Europe, and we are in the process of notifying affected users via email. We
appreciate the security researcher's report to our White Hat program,
and have paid out a bug bounty to thank him for his efforts."

Facebook did not specify the time period for which the user details
were exposed but said the bug was reported only 'recently'. It has
alerted the six million users whose personal details were exposed,
besides sending out an apology via email.

Here is the full text of the apology email:

Dear....,

Your privacy is incredibly important to everyone who works at
Facebook, and we're dedicated to protecting your information. While many
of us focus our full-time jobs on preventing or fixing issues before
they affect anyone, we recently fell short of our goal and a technical
bug caused your telephone number or email address to be accessible by
another person.

The bug was limited in scope and likely only allowed someone you
already know outside of Facebook to see your email address or telephone
number. That said, we let you down and we are taking this error very
seriously.

Describing what caused the bug can get pretty technical, but we
want to explain how it happened. When people upload their contact lists
or address books to Facebook, we try to match that data with the contact
information of other people on Facebook in order to generate friend
recommendations. Because of the bug, the email addresses and phone
numbers used to make friend recommendations and reduce the number of
invitations we send were inadvertently stored in their account on
Facebook, along with their uploaded contacts. As a result, if a person
went to download an archive of their Facebook account through our
Download Your Information (DYI) tool, which included their uploaded
contacts, they may have been provided with additional email addresses or
telephone numbers.

Here is your contact Information (inadvertently accessible by at most 1 Facebook user):

[Phone number]
[Email address 1]
[Email address 2]

We estimate that 1 Facebook user saw this additional contact info
displayed next to your name in their downloaded copy of their account
information. No other info about you was shown and it's likely that
anyone who saw this is not a stranger to you, even if you're not friends
on Facebook.

We recognize that mistakenly sharing contact info is
unacceptable, even if you are acquainted with people who saw these
details, and we've taken measures to prevent this from happening again.
For more information on the bug, please read our blog post.

All of us at Facebook take this issue very personally. We
appreciate your ongoing use of Facebook, and are working every day to
deliver the level of service you expect and deserve.

Thank you,
The Facebook Team
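
The failure mode the email describes, modelled as an added example (this is not Facebook's code; the class, function names and sample identifiers are all constructed for illustration): matching results written into the uploader's stored contacts surface in any export that trusts that record, while tracking what the uploader actually supplied lets the export, or an audit, filter them out.

```python
from dataclasses import dataclass, field

# Constructed sample data: every identifier the service knows for one person,
# indexed by each identifier (a hypothetical matching index).
BOB = {"bob@example.com", "bob.work@example.org", "+1-555-0100"}
MATCH_INDEX = {ident: BOB for ident in BOB}


@dataclass
class StoredContact:
    name: str
    uploaded: frozenset                       # what the uploader actually supplied
    stored: set = field(default_factory=set)  # what sits in the uploader's account

    def __post_init__(self):
        self.stored = set(self.uploaded)


def match_and_merge(contact):
    """Flawed pattern: matching results are written into the uploader's record."""
    for ident in contact.uploaded:
        contact.stored |= MATCH_INDEX.get(ident, set())
    return contact


def match_separately(contact):
    """Safer pattern: matching results are returned for service-side use only."""
    matched = set()
    for ident in contact.uploaded:
        matched |= MATCH_INDEX.get(ident, set())
    return matched - contact.uploaded


def export_naive(contacts):
    """Export that trusts the stored record as-is."""
    return {c.name: sorted(c.stored) for c in contacts}


def export_filtered(contacts):
    """Export that emits only values with uploader provenance."""
    return {c.name: sorted(c.stored & c.uploaded) for c in contacts}


def leaked_values(contacts):
    """Audit check: stored values the uploader never supplied."""
    return {c.name: sorted(c.stored - c.uploaded)
            for c in contacts if c.stored - c.uploaded}
```
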